A C++/Asm template for PIC/EXE/DLL malware
☆24Aug 12, 2025Updated 6 months ago
Alternatives and similar repositories for Imperium
Users that are interested in Imperium are comparing it to the libraries listed below
Sorting:
- .NET port of Leron Gray's azbelt tool.☆26Sep 21, 2023Updated 2 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 10 months ago
- ☆20Sep 6, 2025Updated 5 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Aug 13, 2024Updated last year
- CyberShield 2025 Intro to EDR Evasion Class☆17Jun 3, 2025Updated 9 months ago
- ☆58Feb 19, 2026Updated last week
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 3 years ago
- Divulge Stealer a highly advanced info-stealer that outperforms its predecessor, Umbral-Stealer by Blank-c. This new iteration is a compl…☆16Jan 7, 2025Updated last year
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- A simple parser(library) which extracts shimcache data from windows.☆15May 20, 2019Updated 6 years ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- Windows Sandbox Framework☆40Dec 31, 2021Updated 4 years ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆36Dec 17, 2025Updated 2 months ago
- Load various payload (DLL from memory, Exe, etc...) in a way to evade static analysis of Antivirus. It can fetch data from various method…☆15Jun 18, 2025Updated 8 months ago
- shell code example☆68Dec 12, 2025Updated 2 months ago
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…☆41Nov 4, 2025Updated 3 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆137Aug 31, 2025Updated 6 months ago
- Command Augmentation support for BOFs and .NET assemblies across agents☆40Feb 17, 2026Updated 2 weeks ago
- Load Dll into Kernel space☆40Aug 23, 2022Updated 3 years ago
- ☆16Sep 23, 2021Updated 4 years ago
- WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs☆18Aug 11, 2023Updated 2 years ago
- ☆42Feb 18, 2025Updated last year
- Malware?☆77Oct 26, 2025Updated 4 months ago
- .data ptr swapper for newer win32k versions. (Supports Windows 11)☆36Jan 19, 2026Updated last month
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 7 months ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆78Jul 25, 2025Updated 7 months ago
- Simple utility to watch directory change notifications on a given path☆20Oct 6, 2017Updated 8 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- A Windows PE loader / manual mapper for executables (x86 and x64) with full TLS (Thread Local Storage) support.☆87Oct 27, 2025Updated 4 months ago
- This GitHub repository contains benign specimens; however, the techniques demonstrated herein could potentially be exploited for maliciou…☆17Aug 4, 2024Updated last year
- Repository to gather the .NET malware I will be developing☆18Mar 23, 2025Updated 11 months ago
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆37Aug 31, 2025Updated 6 months ago
- Read and Write process memory with this ioctl driver base. This is great for free cheats and learning kernel.☆153May 30, 2024Updated last year
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆166Jul 30, 2025Updated 7 months ago
- GenZ Shellcode Generator to execute commands with winExec API☆22Apr 27, 2025Updated 10 months ago
- XPN's RpcEnum but based on IDA instead of Ghidra☆21Aug 17, 2019Updated 6 years ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆104Feb 25, 2025Updated last year
- modified mssqlclient from impacket to extract policies from the SCCM database☆44Feb 24, 2026Updated last week